mirrors/PocketMine-MP
1
0
Fork 0
mirror of https://github.com/pmmp/PocketMine-MP.git synced 2025-07-13 05:15:13 +00:00
Code Issues Projects Releases Wiki Activity

Do not register plugin commands without valid permissions

Browse Source 
this could lead to harmful results, e.g. if a developer typo'd while writing the plugin.yml, an admin-only command could become accessible to everyone, since commands are by default accessible by everyone.
This commit is contained in:
Dylan K. Taylor 2021-10-06 01:18:14 +01:00
parent 1fafce6d6f
commit 31a176286d
No known key found for this signature in database
GPG Key ID: 8927471A91CAFD3D
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/plugin/PluginBase.php
View File

@ -199,7 +199,11 @@ abstract class PluginBase implements Plugin, CommandExecutor{
$newCmd->setPermission($data["permission"]); $newCmd->setPermission($data["permission"]);
}else{ }else{
$this->logger->error("Permission must be a string, " . gettype($data["permission"]) . " given for command $key"); $this->logger->error("Permission must be a string, " . gettype($data["permission"]) . " given for command $key");
continue;
} }
}else{
$this->logger->error("No permission set for command $key");
continue;
} }
if(isset($data["permission-message"])){ if(isset($data["permission-message"])){